Monday, 2020-02-10

*** cgoncalves has quit IRC		00:00
*** ccstone has quit IRC		00:00
*** ccstone4 is now known as ccstone		00:01
*** Liang__ has joined #openstack-nova		00:08
*** zhanglong has joined #openstack-nova		00:45
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing console_output policies https://review.opendev.org/706724	00:55
*** vishalmanchanda has joined #openstack-nova		00:58
*** d34dh0r53 has quit IRC		01:04
*** d34dh0r53 has joined #openstack-nova		01:05
*** slaweq has joined #openstack-nova		01:05
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Fix os-console-output policy to be admin_or_owner https://review.opendev.org/706725	01:07
gmann	melwitt: alex_xu another bug in policy - https://review.opendev.org/706725	01:07
*** spatel has joined #openstack-nova		01:13
*** openstackstatus has joined #openstack-nova		01:16
*** ChanServ sets mode: +v openstackstatus		01:16
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing console_output policies https://review.opendev.org/706724	01:17
*** spatel has quit IRC		01:18
*** mdbooth has quit IRC		01:18
*** mdbooth has joined #openstack-nova		01:19
*** Dinesh_Bhor has quit IRC		01:26
*** brinzhang has joined #openstack-nova		01:36
*** xiaolin has joined #openstack-nova		01:38
*** Dinesh_Bhor has joined #openstack-nova		01:38
*** zhanglong has quit IRC		01:42
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing create_backup policies https://review.opendev.org/706726	01:45
*** zhanglong has joined #openstack-nova		01:45
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing console_output policies https://review.opendev.org/706724	01:49
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Fix os-create-backup policy to be admin_or_owner https://review.opendev.org/706727	01:59
gmann	melwitt: alex_xu this is another. I think most of the admin_or_owner are buggy - https://review.opendev.org/706727	02:00
*** xiaolin has quit IRC		02:06
*** xiaolin has joined #openstack-nova		02:11
*** jmlowe has joined #openstack-nova		02:21
*** zhanglong has quit IRC		02:22
*** jmlowe has quit IRC		02:28
*** abhishekk has quit IRC		02:31
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing create_backup policies https://review.opendev.org/706726	02:36
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Fix os-console-output policy to be admin_or_owner https://review.opendev.org/706725	02:59
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing console_output policies https://review.opendev.org/706724	03:02
gmann	efried: melwitt dansmith lyarwood stephenfin these are the fixes to unblock the stable/pike\|queens\|rocky nova gate - https://review.opendev.org/#/q/topic:fix-stable-gate+(status:open+OR+status:merged)+projects:openstack/nova	03:05
*** xiaolin has quit IRC		03:08
*** xiaolin has joined #openstack-nova		03:32
*** tkajinam has quit IRC		03:40
*** tkajinam has joined #openstack-nova		03:41
openstackgerrit	jichenjc proposed openstack/nova master: set default value to 0 instead of '' https://review.opendev.org/706730	03:44
*** psachin has joined #openstack-nova		03:46
*** udesale has joined #openstack-nova		04:09
*** mkrai has joined #openstack-nova		04:14
*** brinzhang has quit IRC		04:51
*** brinzhang has joined #openstack-nova		04:52
*** brinzhang_ has joined #openstack-nova		04:53
*** brinzhang__ has joined #openstack-nova		04:56
*** brinzhang has quit IRC		04:57
*** brinzhang has joined #openstack-nova		04:58
*** brinzhang has quit IRC		04:59
*** brinzhang_ has quit IRC		04:59
*** brinzhang__ has quit IRC		05:00
*** damien_r has quit IRC		05:03
*** evrardjp has quit IRC		05:34
*** evrardjp has joined #openstack-nova		05:34
*** links has joined #openstack-nova		05:37
*** links has quit IRC		05:40
*** huaqiang has quit IRC		05:59
*** xiaolin has quit IRC		06:05
*** yedongcan has joined #openstack-nova		06:08
*** xiaolin has joined #openstack-nova		06:11
*** ratailor has joined #openstack-nova		06:19
*** ratailor has quit IRC		06:20
*** ratailor has joined #openstack-nova		06:21
*** ratailor has quit IRC		06:22
*** ratailor has joined #openstack-nova		06:23
*** ratailor has quit IRC		06:24
*** ratailor has joined #openstack-nova		06:25
*** ratailor has quit IRC		06:25
*** ratailor has joined #openstack-nova		06:26
*** ratailor has quit IRC		06:27
*** cgoncalves has joined #openstack-nova		06:31
*** cgoncalves has quit IRC		06:31
*** cgoncalves has joined #openstack-nova		06:32
*** ratailor has joined #openstack-nova		06:35
*** dpawlik has joined #openstack-nova		06:44
*** dpawlik has quit IRC		06:50
*** dpawlik has joined #openstack-nova		06:55
*** dpawlik has quit IRC		07:16
*** dpawlik has joined #openstack-nova		07:19
*** mkrai has quit IRC		07:27
*** yaawang has joined #openstack-nova		07:35
*** tosky has joined #openstack-nova		07:35
*** ratailor has quit IRC		07:39
*** yaawang has quit IRC		07:39
*** ociuhandu has joined #openstack-nova		07:47
*** slaweq has quit IRC		07:53
*** imacdonn has quit IRC		07:53
*** imacdonn has joined #openstack-nova		07:53
*** mkrai has joined #openstack-nova		08:05
*** maciejjozefczyk has joined #openstack-nova		08:07
*** ociuhandu has quit IRC		08:07
*** ociuhandu has joined #openstack-nova		08:08
*** slaweq has joined #openstack-nova		08:09
*** iurygregory has joined #openstack-nova		08:10
*** ratailor has joined #openstack-nova		08:14
*** ociuhandu has quit IRC		08:14
*** ratailor has quit IRC		08:20
*** ratailor has joined #openstack-nova		08:20
*** tkajinam has quit IRC		08:23
*** tesseract has joined #openstack-nova		08:30
*** damien_r has joined #openstack-nova		08:33
*** ivve has joined #openstack-nova		08:36
*** ralonsoh has joined #openstack-nova		08:38
*** amoralej\|off is now known as amoralej		08:38
*** rpittau\|afk is now known as rpittau		08:41
*** Luzi has joined #openstack-nova		08:45
openstackgerrit	Brin Zhang proposed openstack/nova master: Add new default roles in os-instance-actions policies https://review.opendev.org/706470	08:53
openstackgerrit	Brin Zhang proposed openstack/nova master: Add SYSTEM_READER role to servers actions API https://review.opendev.org/706179	08:56
*** dtantsur\|afk is now known as dtantsur		09:01
*** mkrai has quit IRC		09:30
openstackgerrit	Balazs Gibizer proposed openstack/nova master: Support unshelve with qos ports https://review.opendev.org/704759	09:31
openstackgerrit	Balazs Gibizer proposed openstack/nova master: Enable unshelve with qos ports https://review.opendev.org/705475	09:32
openstackgerrit	Balazs Gibizer proposed openstack/nova master: Merge qos related renos for Ussuri https://review.opendev.org/706766	09:34
*** derekh has joined #openstack-nova		09:38
gibi	stephenfin: hi! replied to you in the unshelve qos series ^^	09:38
gibi	stephenfin: I will do some unshelve testing on master based on your points	09:39
*** ociuhandu has joined #openstack-nova		09:42
*** martinkennelly has joined #openstack-nova		09:47
*** ociuhandu has quit IRC		09:47
*** ociuhandu has joined #openstack-nova		09:54
*** ociuhandu has quit IRC		09:55
*** mkrai has joined #openstack-nova		10:21
*** ociuhandu has joined #openstack-nova		10:27
bauzas	gibi: stephenfin: I know it's not a specs review day today, but if you have time, it would be nice if you could review https://review.opendev.org/#/c/552924/	10:28
bauzas	w3	10:28
bauzas	whoops	10:28
kashyap	bauzas: While you wait on Gibi :D -- https://review.opendev.org/#/c/693844/	10:29
kashyap	But probably requires a non-RHT core, as it already has +2 from Stephen	10:30
bauzas	kashyap: sure, I'll look this afternoon	10:30
bauzas	yeah too	10:30
bauzas	I'll look at specs this afternoon FWIW	10:30
kashyap	Actually, it's for gibi; he already +1ed it, and once the nits are addressed, he said he'd upgrade it.	10:30
kashyap	bauzas: So leave it to Gibi :-)	10:30
kashyap	(Saving your time for other specs.)	10:30
*** ociuhandu has quit IRC		10:32
* gibi is on a call will read back in about 30 minutes		10:32
kashyap	Sure, no rush; this can wait.	10:33
bauzas	yeah no worries gibi ;)	10:34
*** udesale has quit IRC		10:48
*** mkrai has quit IRC		10:51
*** ociuhandu has joined #openstack-nova		10:59
stephenfin	bauzas: Can you grab this? https://review.opendev.org/#/c/706466/	11:01
*** yedongcan has left #openstack-nova		11:01
stephenfin	bauzas: I shall review that spec too, yup	11:01
*** ociuhandu has quit IRC		11:03
*** ociuhandu has joined #openstack-nova		11:03
openstackgerrit	Brin Zhang proposed openstack/nova master: Store instance action event exc_val fault details https://review.opendev.org/694428	11:10
openstackgerrit	Brin Zhang proposed openstack/nova master: Expose instance action event details out of the API https://review.opendev.org/694430	11:10
openstackgerrit	Brin Zhang proposed openstack/nova master: Add server actions v82 samples test https://review.opendev.org/706251	11:20
*** davidsha has joined #openstack-nova		11:31
*** ociuhandu has quit IRC		11:32
*** ociuhandu has joined #openstack-nova		11:32
*** ociuhandu has quit IRC		11:38
*** ociuhandu has joined #openstack-nova		11:41
*** zhanglong has joined #openstack-nova		11:44
*** nicolasbock has joined #openstack-nova		12:01
elod	lyarwood: about this patch: https://review.opendev.org/#/c/706716	12:04
elod	lyarwood: do we need the change in .zuul.yaml?	12:04
lyarwood	elod: I was confused by that at first but it allows the nova-live-migration jobs to run against changes to nova/tests/live_migration/hooks/utils.sh	12:07
elod	lyarwood: I think it would be better to leave that as it was originally. If something changes in live_migration/hooks, then it can be tested with a depends-on tagged (dummy) patch	12:07
lyarwood	elod: I don't really mind either way	12:08
lyarwood	elod: it would be cleaner to do this across all branches tbh	12:08
elod	lyarwood: and there are 3 py files that triggers all dsvm based jobs now	12:08
*** rpittau is now known as rpittau\|bbl		12:08
elod	lyarwood: and of course it would be good to finally fix the rocky branch :)	12:09
*** ociuhandu has quit IRC		12:10
*** ociuhandu has joined #openstack-nova		12:11
elod	lyarwood, gmann : do you mind if I remove the .zuul.yaml changes (in https://review.opendev.org/#/c/706716 ) ?	12:12
lyarwood	elod: I don't but I'd also like to fix the branch :)	12:15
lyarwood	elod: if you do remove it can you push a DNM change on top that does test that job	12:15
*** ociuhandu has quit IRC		12:15
elod	lyarwood: yes, of course, though I think it's already tested now (with the .zuul.yaml change :))	12:16
lyarwood	elod: right but if we change it we still need to test it :)	12:24
lyarwood	but yeah I get your point	12:24
openstackgerrit	Elod Illes proposed openstack/nova stable/rocky: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706716	12:25
openstackgerrit	Elod Illes proposed openstack/nova stable/rocky: DNM: Test live-migration hook https://review.opendev.org/706812	12:27
lyarwood	thanks	12:27
*** brinzhang has joined #openstack-nova		12:27
elod	lyarwood: thanks, too!	12:27
lyarwood	once we've sorted this out I'll start burning down the remaining stable/rocky changes btw	12:27
*** udesale has joined #openstack-nova		12:28
elod	ok, I will also look at the rocky patches :)	12:29
*** adriant has quit IRC		12:34
*** adriant has joined #openstack-nova		12:35
*** damien_r has quit IRC		12:37
*** zhanglong has quit IRC		12:40
*** zhanglong has joined #openstack-nova		12:42
*** artom has joined #openstack-nova		12:45
*** mgariepy has joined #openstack-nova		12:45
*** ociuhandu has joined #openstack-nova		12:48
*** huaqiang has joined #openstack-nova		12:52
*** ociuhandu has quit IRC		12:53
gmann	elod: lyarwood we need those irrelevant file change otherwise liver migration job can break on run_tests.py changes. what i can do is to run only nova-live-migration job for run_test.py	12:58
*** rosmaita has joined #openstack-nova		13:02
openstackgerrit	Ghanshyam Mann proposed openstack/nova stable/rocky: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706716	13:03
openstackgerrit	Ghanshyam Mann proposed openstack/nova stable/queens: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706714	13:03
rosmaita	efried: need a favor when you have a few minutes, let me know what you think of https://review.opendev.org/#/c/706298/	13:03
openstackgerrit	Ghanshyam Mann proposed openstack/nova stable/pike: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706715	13:05
gmann	lyarwood: elod ^^	13:05
*** ratailor has quit IRC		13:09
*** amoralej is now known as amoralej\|lunch		13:10
*** damien_r has joined #openstack-nova		13:10
*** damien_r has quit IRC		13:11
*** tbachman has joined #openstack-nova		13:12
*** rpittau\|bbl is now known as rpittau		13:12
*** damien_r has joined #openstack-nova		13:15
*** vesper11 has quit IRC		13:15
*** vesper has joined #openstack-nova		13:15
elod	gmann: looks ok to me	13:17
*** artom has quit IRC		13:20
*** jaosorior has joined #openstack-nova		13:25
*** gary_perkins has joined #openstack-nova		13:26
*** priteau has joined #openstack-nova		13:50
*** mgariepy has quit IRC		13:51
*** mgariepy has joined #openstack-nova		13:52
*** lpetrut has joined #openstack-nova		13:55
*** brinzhang has quit IRC		14:06
*** brinzhang has joined #openstack-nova		14:10
*** amoralej\|lunch is now known as amoralej		14:12
*** lbragstad has quit IRC		14:14
*** lbragstad has joined #openstack-nova		14:23
*** mkrai has joined #openstack-nova		14:24
*** ociuhandu has joined #openstack-nova		14:34
*** nweinber has joined #openstack-nova		14:35
*** zhanglong has quit IRC		14:38
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing os-aggregates policies https://review.opendev.org/701651	14:42
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing os-aggregates policies https://review.opendev.org/701651	14:42
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Introduce scope_types in os-aggregates policy https://review.opendev.org/701652	14:43
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add new default roles in os-aggregates policies https://review.opendev.org/701654	14:43
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Pass the actual target in os-aggregates policy https://review.opendev.org/701656	14:44
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing os-agents policies https://review.opendev.org/701644	14:44
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing os-agents policies https://review.opendev.org/701644	14:45
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Introduce scope_types in os-agents policy https://review.opendev.org/701645	14:45
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add new default roles in os-agents policies https://review.opendev.org/701648	14:45
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Pass the actual target in os-agents policy https://review.opendev.org/701649	14:45
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing os-console-auth-tokens policies https://review.opendev.org/706687	14:48
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Introduce scope_types in os-console-auth-tokens https://review.opendev.org/706688	14:48
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add new default roles in os-console-auth-tokens policies https://review.opendev.org/706689	14:48
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Pass the actual target in os-console-auth-tokens policy https://review.opendev.org/706690	14:48
*** spatel has joined #openstack-nova		14:49
openstackgerrit	Merged openstack/nova-specs master: Re-propose "Secure Boot support for KVM & QEMU guests" for Ussuri https://review.opendev.org/693844	14:50
*** xek has joined #openstack-nova		14:50
*** ivve has quit IRC		14:51
*** tbachman has quit IRC		14:53
gmann	elod: thanks	14:53
lyarwood	gmann: just waiting for CI before I ack it btw	14:54
openstackgerrit	Balazs Gibizer proposed openstack/nova master: Reproduce bug 1862633 https://review.opendev.org/706867	14:54
openstack	bug 1862633 in OpenStack Compute (nova) "unshelve leak allocation if update port fails" [Medium,Triaged] https://launchpad.net/bugs/1862633 - Assigned to Balazs Gibizer (balazs-gibizer)	14:54
openstackgerrit	Balazs Gibizer proposed openstack/nova master: Clean up allocation if unshelve fails due to neutron https://review.opendev.org/706868	14:54
gmann	lyarwood: ok, thanks. i did not backport to ocata but i can see open backport for nova ocata which will have same issue. should I backport this fix there too ?	14:56
*** Liang__ has quit IRC		14:56
lyarwood	gmann: if it's an easy cherry pick sure	14:57
gmann	lyarwood: ok	14:57
*** brinzhang has quit IRC		14:57
*** brinzhang has joined #openstack-nova		14:58
*** Liang__ has joined #openstack-nova		14:58
*** brinzhang has quit IRC		15:01
*** brinzhang has joined #openstack-nova		15:01
openstackgerrit	Ghanshyam Mann proposed openstack/nova stable/queens: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706714	15:03
*** Luzi has quit IRC		15:03
*** eharney has joined #openstack-nova		15:04
openstackgerrit	Ghanshyam Mann proposed openstack/nova stable/pike: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706715	15:04
*** Sundar has joined #openstack-nova		15:05
openstackgerrit	Ghanshyam Mann proposed openstack/nova stable/ocata: Use stable constraint for Tempest pinned stable branches https://review.opendev.org/706872	15:05
gmann	lyarwood: done ^^. updated with cherry-pick -x	15:06
*** KeithMnemonic has joined #openstack-nova		15:06
Sundar	gibi: Re. https://review.opendev.org/#/c/631244/61/nova/tests/functional/test_servers.py@7621, I have a question. Please LMK when you have a few min.	15:07
*** lpetrut has quit IRC		15:08
gibi	Sundar: hi! I'm available now	15:08
dansmith	efried: I'm thinking we should do a release of train now that the hidden instances fix is in, given its criticality	15:09
efried	dansmith: fine by me. You proposing?	15:12
dansmith	efried: I can yea, I was just looking to see when we last did it	15:12
Sundar	gibi: The Cyborg fixture itself is a mock, and is returning pre-fabricated data. Any queries to it will only return the prefabricated data. Specifically, fake_get_arqs_for_instance will return a single bound ARQ in the current implementation, and hence the first 2 assertions will always be true.	15:13
Sundar	Did you have something else in mind?	15:13
*** mgariepy has quit IRC		15:14
gibi	Sundar: is this mean that there is no state stored in the fixture that is changed by nova during the boot?	15:14
efried	Sundar: Re: blocking unsupported operations: If that's the only objection, I feel like we could get around it by making the blockers error 500 rather than 400. We're allowed to "fix a 500" without a microversion if I understand the rules correctly.	15:15
efried	But if that's not the case, meh. I've backed down from this argument before, won't make a big deal of it now.	15:15
Sundar	gibi: The only two variables that are from the test case are the host name and device_rp_uuid. I could assert for those.	15:16
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing attach_interfaces policies https://review.opendev.org/705126	15:16
gibi	Sundar: yes, those are the thing that is stored in the fixture in the bindings_by_instance	15:16
gibi	Sundar: asserting only for device_rp_uuid and hostname works for me	15:17
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Introduce scope_types in os-attach-interfaces https://review.opendev.org/705799	15:17
Sundar	efried: Good. sean-k-mooney, dansmith, gibi: Are we all good if we block the unsupported ops with HTTP 500 as efried said?	15:17
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add new default roles in os-atttach-inerfaces policies https://review.opendev.org/706672	15:17
dansmith	Sundar: sorry, I'm working on something else, but 500 does not seem appropriate to me	15:17
efried	rosmaita: Looking.	15:17
Sundar	gibi: Sure, thanks.	15:18
rosmaita	efried: ty	15:18
*** mgariepy has joined #openstack-nova		15:18
dansmith	isn't 401/403 the right thing here? tell the user they're not allowed, which could be for any reason which may change in the future (when we allow it or implement it)	15:18
efried	dansmith: my reasoning is, if you try it before we've coded it up, you're going to get a 500 anyway; it'll just be with some really obscure and hard-to-understand error message. We're just making the 500 understandable as a courtesy before we actually add the support.	15:18
gibi	efried, Sundar: for qos we used HTTP 400 for rejecting unsupported moves, and we fixed those 400 without new microversion	15:18
Sundar	dansmith: If it is 400, do we need a microversion change? We are not changing anything, just clarifying what happens with this new feature i.e. accelerator support.	15:19
efried	okay, I thought that was the objection, that you can't put in explicit blockers and then unblock without a microversion.	15:19
dansmith	efried: to me 500 means either server-side code needs fixing, or some infra failure in the backend. and converting 500s to 400s is allowed without a microversion because they're all bugfixes	15:20
efried	I agree strictly it would be best to add support with new microversions, since that's the only way the feature would be discoverable. That makes sense. So... why are we opposed to that strategy in the first place? Just because microversions are a bunch of paperwork?	15:20
dansmith	making them all 40x now with no microversion is fine with me	15:20
dansmith	I think the microversion purists would expect a 400->200 to be a microversion because otherwise people can't know whether or not they should try a thing	15:21
efried	exactly	15:21
Sundar	dansmith, efried: Agreed. We could do it now without a microversion change. Unblocking in the future will need a microversion change, since it is a change in semantics.	15:21
dansmith	I'd much rather do the paperwork than cheat with 500	15:22
efried	agreed	15:22
gibi	I'm OK to have 400 -> 200 with microversion, I just remember that I was asked not to do that for qos	15:22
efried	even leaving it "unsupported" in some way now and then "fixing" without a microversion seems like cheating.	15:22
efried	gibi: do you remember why?	15:23
gibi	trying to find it...	15:23
dansmith	to me,	15:23
dansmith	a thing that doesn't work because of some subtle detail returning "you can't do that right now" and then later returning "okay now you can" is not a huge violation	15:23
dansmith	it's an operation that you can do normally, but can't for some policy reason	15:23
dansmith	so I've never really had a problem with enabling a thing to work by implementing a detail,	15:24
dansmith	because I think a lot of client code that does this is ignorant of the fact that makes the instance special	15:24
gibi	efried: http://lists.openstack.org/pipermail/openstack-discuss/2019-January/001881.html	15:25
dansmith	yup, that ^ :)	15:26
gibi	mriedem was OK with that too http://lists.openstack.org/pipermail/openstack-discuss/2019-January/001887.html	15:26
efried	gibi, Sundar: ack, if we decided on this and set a precedent with the qos feature, so be it. (I feel like the API-SIG might have, ahem, kept the discussion alive a bit longer, had they been involved.)	15:28
efried	rosmaita, lyarwood: I'm going to need a little help here https://review.opendev.org/#/c/706298/	15:29
rosmaita	efried: i'm all yours	15:29
efried	Changing a conf opt default doesn't seem a) wise, b) effective, especially if you were planning to backport this (were you?)	15:30
efried	I also need to understand a bit better which operations are supported/unsupported today and how they break.	15:30
rosmaita	yes, was trying to backport	15:31
rosmaita	but to answer your second question	15:31
efried	The patch says we don't support "direct booting" of an instance created from encrypted volume. Do we support anything from such an image?	15:31
rosmaita	yes, if you boot from volume	15:32
efried	like, does that code path exist for backup/restore or shelve/unshelve?	15:32
lyarwood	efried: nope, we've never supported booting from an encrypted image with cinder_encryption_key_* set in any of the in-tree virt drivers.	15:32
lyarwood	efried: these are encrypted images created by cinder, so outside of Nova's normal flows with encrypted volumes.	15:32
lyarwood	efried: shelve/unshelve shouldn't create images for boot from volume instances	15:33
efried	right right.	15:33
*** jmlowe has joined #openstack-nova		15:33
dansmith	notice how he says "shouldn't" ?	15:33
Sundar	dansmith, efried: The 400s are supposed to be client error. Is this really not an unsupported operation on the server side? Or, are we taking the line that the client should have known about the restriction, and not made the request in the first place, and so it is a client error?	15:33
dansmith	Sundar: but "permission denied" is a 40x error.. it doesn't mean the client did something wrong, it means the client shouldn't try that thing again without circumstances having changed	15:34
dansmith	doesn't "always" mean.. I should say	15:34
efried	lyarwood, rosmaita: And the objection to blocking this at the API level is that we don't want to rip function from 3p drivers that might have figured out a way to support it?	15:35
efried	lyarwood, rosmaita: are we talking about 3p nova virt drivers or 3p cinder storage drivers? Or would it have to be a combination of both for it to work?	15:35
rosmaita	efried: i think we probably should block at api layer, it's just that we don't	15:36
efried	I'm about to agree with that, just want to confirm ---^	15:36
rosmaita	at least short term, if you really want to implement this functionality	15:36
lyarwood	efried: 3p nova virt drivers	15:36
Sundar	dansmith: I am fine with that interpretation. This is what I was doing in https://review.opendev.org/#/c/674726/. So I am going to bring back that patch with some changes in the list of supported ops.	15:37
rosmaita	efried: the config opt change is a quick short term fix that won't require operators to do an upgrade to address this	15:37
lyarwood	rosmaita: I still don't get the usecase tbh	15:37
lyarwood	rosmaita: they boot something that doesn't work and then snapshot it?	15:38
lyarwood	rosmaita: but yeah this is a quick and easy fix to avoid someone doing something like that	15:38
rosmaita	lyarwood: hopefully it is low probability	15:38
rosmaita	but i could see someone doing a script that boots, and snapshots immediately for some reason	15:38
rosmaita	and then when a useless image is deleted, the problem happens	15:39
rosmaita	efried: if a config value change backport isn't allowed, maybe we could just backport the "known issues" part of the release note	15:39
lyarwood	rosmaita: anything is possible I guess	15:40
efried	okay, so putting my dansmith hat on (it's red, for multiple reasons), I don't think we worry about accommodating 3p virt drivers in situations like this. I usually insist we send a courtesy email to openstack-discuss when we make interface changes that could break 3p drivers; but that's about all we do.	15:40
* dansmith approves		15:40
lyarwood	okay well in that case lets block it in the API fully and backport that	15:40
efried	rosmaita: I don't know for sure that backporting config default changes is disallowed, but it sounds like something that would be.	15:41
efried	but also, I just don't see it doing much good.	15:41
efried	because you're only going to "help" people who didn't already have the value set, and who were trying to do this craziness in the first place.	15:41
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Fix os-create-backup policy to be admin_or_owner https://review.opendev.org/706727	15:42
rosmaita	i guess i can just send something to the operators list	15:42
rosmaita	efried: lyarwood: i still think it's worth "blacklisting" those cinder_ properties, cinder should be the only one writing those	15:43
openstackgerrit	Merged openstack/nova-specs master: Support multiple store of Glance https://review.opendev.org/641210	15:45
efried	rosmaita: From what I understand so far, that makes sense to me. Under what possible circumstances could those properties actually be useful/used? And shouldn't those special circumstances be under careful control of cinder anyway?	15:45
efried	rosmaita: Conceivably you could touch the conf opt anyway, but just to beef up the help message with something like "by the way, don't bother including XYZ options here, cause we'll always ignore them"	15:46
rosmaita	efried: there are circumstances in which users could set those properties, but they should do it explicitly, not let nova do it	15:47
efried	lyarwood: rosmaita: Okay, so do we have a path forward?	15:47
rosmaita	i think so ... config change + reject instance-create call	15:48
openstackgerrit	Ghanshyam Mann proposed openstack/nova master: Add test coverage of existing create_backup policies https://review.opendev.org/706726	15:48
lyarwood	yup	15:48
rosmaita	i can look into blocking this at the API layer, hopefully that's not too complicated	15:49
lyarwood	rosmaita: let me know if you need help and I can also take a look at that	15:49
rosmaita	lyarwood: thanks, will do	15:49
lyarwood	rosmaita: btw, do you think cinder could ever move to a shared encryption_key image property with glance and nova?	15:49
lyarwood	rosmaita: it would make all of this so much easier to handle	15:50
rosmaita	lyarwood: well ... there's another encryption key effort going on	15:50
rosmaita	it envisions shared keys	15:50
lyarwood	rosmaita: oh jeez	15:50
rosmaita	meaning one key, multiple resources	15:50
lyarwood	rosmaita: link?	15:51
rosmaita	this cinder workflow is meant to keep 1-1 key-resource relation to make deletion possible	15:51
lyarwood	rosmaita: 1:1 between the volume and image?	15:51
efried	rosmaita: "config change"? what config change?	15:51
rosmaita	efried: blacklisting the cinder_* properties in the non_inheritable_image_properties list	15:52
efried	rosmaita: Is there not a way to simply do that blacklisting without involving the conf opt?	15:52
rosmaita	lyarwood: each volume and each image have their own corresponding barbican secret	15:52
efried	rosmaita: I think that's what I was suggesting earlier. IOW wherever this conf opt is processed in the nova code, just always add those keys no matter what. And don't change the conf opt default.	15:53
rosmaita	efried: don't know, that's what the conf opt has been used for in the past	15:53
rosmaita	it prevents the img_* properties from being inherited (those are the ones used for signature validation_)	15:53
spatel	sean-k-mooney: morning, This is cool, soon going to run erlang load-test and will let you know - http://paste.openstack.org/show/789378/	15:54
rosmaita	lyarwood: https://etherpad.openstack.org/p/image-encryption-weekly-meeting -- it's not up to date, but i think it has links to all the specs about the other encryption effort	15:55
lyarwood	rosmaita: oh that, I think that's died now anyway	15:55
rosmaita	lyarwood: no, it is very much alive, the etherpad is just dead	15:55
lyarwood	rosmaita: well the nova-spec died at least	15:56
rosmaita	lyarwood: interesting	15:56
lyarwood	rosmaita: I wanted to propose a LUKS based alternative in V FWIW	15:56
rosmaita	lyarwood: eharney is very much of the same mind, i think	15:57
*** nweinber has quit IRC		15:58
lyarwood	rosmaita: wonderful, it would need some qemu-img convert magic to rotate keys while keeping things encrypted etc but shouldn't be too hard to sort out in nova and cinder.	15:59
openstackgerrit	Eric Fried proposed openstack/nova master: DNM: Never convey cinder_encryption_key_* in snapshots https://review.opendev.org/706888	15:59
efried	lyarwood: rosmaita: So what I'm talking about is, don't muck with the conf opt defaults (or do, actually, it wouldn't matter), instead do like this: ^	15:59
efried	...as well as the API blocker.	15:59
rosmaita	efried: i don't object to that, though you may want to keep a list instead	16:01
efried	"keep a list" of what?	16:01
rosmaita	because the img_ properties should probably also be popped	16:01
rosmaita	efried: keep a list of really_seriously_non_inheritable_image_properties	16:02
rosmaita	(not configurable)	16:02
efried	oh, yeah, sure, whatevs, the idea being that there are certain keys we never inherit, regardless of the conf opt	16:02
efried	I leave the details to the experts :P	16:02
lyarwood	ack yeah LGTM if we also block attempts to create instances from images with these props in the same change.	16:03
efried	cool.	16:03
rosmaita	efried: lyarwood: ok, i will include the really_seriously_non_inheritable_image_properties in the same patch as the API change	16:05
efried	rosmaita: cool, left summary text on the patch with pointers to this conversation. I'll abandon my DNM.	16:06
rosmaita	efried: ty	16:06
*** ociuhandu has quit IRC		16:07
*** ociuhandu has joined #openstack-nova		16:08
efried	bauzas: I went ahead and abandoned the MKTME spec https://review.opendev.org/#/c/666769/	16:09
efried	AFAIU that effort is dead anyway. If Intel decides to do anything with mem-encrypted images, it would probably be around SGX anyway.	16:09
bauzas	cool with me	16:09
bauzas	FWIW, I'm giving a round of spec reviews today before tomorrow's spec review day	16:10
bauzas	efried: or others, ping me any spec you'd like me to review	16:10
*** ociuhandu has quit IRC		16:12
*** ociuhandu has joined #openstack-nova		16:17
*** nweinber has joined #openstack-nova		16:17
*** gyee has joined #openstack-nova		16:18
*** Sundar has quit IRC		16:21
*** ociuhandu has quit IRC		16:21
*** ociuhandu has joined #openstack-nova		16:22
*** udesale has quit IRC		16:24
*** TxGirlGeek has joined #openstack-nova		16:27
openstackgerrit	Lee Yarwood proposed openstack/nova master: images: Move qemu-img info calls into privsep https://review.opendev.org/706897	16:29
openstackgerrit	Lee Yarwood proposed openstack/nova master: images: Use JSON as the output format of qemu-img https://review.opendev.org/706898	16:29
openstackgerrit	Lee Yarwood proposed openstack/nova master: virt: Pass request context to extend_volume https://review.opendev.org/706899	16:29
openstackgerrit	Lee Yarwood proposed openstack/nova master: WIP libvirt: Fix attached encrypted volume extension https://review.opendev.org/706900	16:29
*** tbachman has joined #openstack-nova		16:31
*** jmlowe has quit IRC		16:39
*** Sundar has joined #openstack-nova		16:46
*** tosky has quit IRC		16:48
*** psachin has quit IRC		16:49
*** priteau has quit IRC		16:56
*** ociuhandu has quit IRC		17:00
gibi	bauzas: left some feedback on the NUMA spec https://review.opendev.org/#/c/552924/	17:02
* bauzas nods and thanks		17:02
*** ircuser-1 has joined #openstack-nova		17:02
openstackgerrit	Lee Yarwood proposed openstack/nova master: virt: Provide block_device_info during rescue https://review.opendev.org/700811	17:03
openstackgerrit	Lee Yarwood proposed openstack/nova master: libvirt: Add support for stable device rescue https://review.opendev.org/700812	17:03
openstackgerrit	Lee Yarwood proposed openstack/nova master: compute: Report COMPUTE_RESCUE_BFV and check during rescue https://review.opendev.org/701429	17:03
openstackgerrit	Lee Yarwood proposed openstack/nova master: api: Introduce microverion 2.82 allowing boot from volume rescue https://review.opendev.org/701430	17:03
openstackgerrit	Lee Yarwood proposed openstack/nova master: compute: Extract _get_bdm_image_metadata into nova.utils https://review.opendev.org/705212	17:03
openstackgerrit	Lee Yarwood proposed openstack/nova master: WIP libvirt: Support boot from volume instance rescue https://review.opendev.org/701431	17:03
bauzas	gibi: ok, it's 6pm here and you provide good thoughts	17:04
bauzas	gibi: let's discuss on it if you agree by tomorrow 10am (-ish)	17:04
gibi	bauzas: yeah, it is something to sleep on :)	17:04
gibi	I will be available around 10ish tomorrow	17:05
bauzas	cool	17:06
bauzas	I have to leave btw.	17:06
bauzas	\o	17:06
gibi	o/	17:06
* gibi leaves too		17:06
*** rpittau is now known as rpittau\|afk		17:07
*** nweinber has quit IRC		17:08
*** ociuhandu has joined #openstack-nova		17:08
*** martinkennelly has quit IRC		17:08
*** mdbooth_ has joined #openstack-nova		17:14
*** mdbooth has quit IRC		17:16
*** mkrai has quit IRC		17:21
*** ociuhandu has quit IRC		17:31
*** nweinber has joined #openstack-nova		17:33
*** evrardjp has quit IRC		17:34
*** evrardjp has joined #openstack-nova		17:34
*** dtantsur is now known as dtantsur\|afk		17:34
*** ociuhandu has joined #openstack-nova		17:36
openstackgerrit	Stephen Finucane proposed openstack/nova master: WIP: api: Add support for extra spec validation https://review.opendev.org/704643	17:38
*** ociuhandu has quit IRC		17:41
*** davidsha has quit IRC		17:51
*** tesseract has quit IRC		17:52
*** mlavalle has joined #openstack-nova		17:55
*** openstackstatus has quit IRC		17:57
*** openstack has joined #openstack-nova		17:59
*** ChanServ sets mode: +o openstack		17:59
*** derekh has quit IRC		18:00
*** martinkennelly has joined #openstack-nova		18:08
*** Liang__ has quit IRC		18:08
*** jmlowe has joined #openstack-nova		18:12
*** jaosorior has quit IRC		18:16
*** nweinber has quit IRC		18:16
*** jmlowe has quit IRC		19:00
*** jmlowe has joined #openstack-nova		19:03
*** amoralej is now known as amoralej\|off		19:04
*** amoralej\|off is now known as amoralej		19:04
*** amoralej is now known as amoralej\|off		19:07
*** eharney has quit IRC		19:07
*** eharney has joined #openstack-nova		19:09
*** ralonsoh has quit IRC		19:10
umbSublime	sean-k-mooney, efried I got some bad news :/ I was told (not without a fight) to stop all efforts related to inv TSC blueprint... (At least during business hours)	19:10
*** jmlowe has quit IRC		19:11
*** artom has joined #openstack-nova		19:17
*** jmlowe has joined #openstack-nova		19:20
efried	umbSublime: Okay. What do you want to do paperwork-wise?	19:26
efried	Abandon or defer?	19:26
*** igordc has joined #openstack-nova		19:35
umbSublime	I don't know :/ (this situation kind of got me a bit riled up), I guess abandon. If this is re-prioritized again on our end I'll recreate the bp/spec	19:37
*** jmlowe has quit IRC		19:38
efried	umbSublime: okay. Abandon is totally undo-able, nothing is lost.	19:39
*** jmlowe has joined #openstack-nova		19:40
sean-k-mooney	umbSublime: i see ok. given the time constraitns im not sure upstream people will be able to spend much time on this this cycle but next cycle we can help adress this usecasue if it is still important to you or others	19:42
sean-k-mooney	i.e. i wont have spare time to drive this myself before thursday but i can help you with it next cycle if that is soemthing you want	19:43
umbSublime	During all my reaserch on this topic I didn't notice any related feature request of openstack users hitting the issue I weas trying to resolve therefore. It's probably best to adandon, this might of been a very specific use case	19:43
sean-k-mooney	well no harm done either way	19:44
umbSublime	I'm not to sure where I stand on this right now, but i think abandon is the way to go for now	19:49
*** igordc has quit IRC		19:53
*** N3l1x has joined #openstack-nova		19:56
*** N3l1x_ has joined #openstack-nova		19:56
*** dklyle has quit IRC		20:19
*** david-lyle has joined #openstack-nova		20:19
*** eharney has quit IRC		20:22
*** jmlowe has quit IRC		20:22
*** nweinber has joined #openstack-nova		20:33
*** martinkennelly has quit IRC		20:35
*** jmlowe has joined #openstack-nova		20:37
*** maciejjozefczyk has quit IRC		20:53
*** jmlowe has quit IRC		20:54
*** N3l1x has quit IRC		21:22
*** xek has quit IRC		21:36
*** TxGirlGeek has quit IRC		21:43
*** vishalmanchanda has quit IRC		22:07
*** nweinber has quit IRC		22:07
*** dpawlik has quit IRC		22:14
*** TxGirlGeek has joined #openstack-nova		22:20
*** TxGirlGeek has quit IRC		22:22
*** N3l1x_ has quit IRC		22:29
*** slaweq has quit IRC		22:29
*** CeeMac has joined #openstack-nova		22:34
*** slaweq has joined #openstack-nova		22:41
*** openstackgerrit has quit IRC		22:46
*** slaweq has quit IRC		22:46
*** spatel has quit IRC		22:50
*** nweinber has joined #openstack-nova		22:51
*** nweinber has quit IRC		22:59
*** eharney has joined #openstack-nova		23:02
*** damien_r has quit IRC		23:02
*** damien_r has joined #openstack-nova		23:04
*** damien_r has quit IRC		23:09
*** artom has quit IRC		23:09
*** nicolasbock has quit IRC		23:26
*** ociuhandu has joined #openstack-nova		23:30
*** nicolasbock has joined #openstack-nova		23:34
*** ociuhandu has quit IRC		23:35
*** slaweq has joined #openstack-nova		23:59

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!